let name=Response.name;
//suppose in name i am getting name=Manav
now what i need to do is
con.query("Select * from accounts_master where name="(name)
i want Manav as 'Manav' in the above line ie Select * from accounts_master where name='Manav'
Please help for the same
Please use prepared statements instead of simple string concatenation or templates:
con.query('SELECT * FROM accounts_master WHERE name = ?', [name], (err, rows) => {
console.log(rows);
})
Doing otherwise may leave you vulnerable to SQL injection attack, as Bobby Tables demonstrates.
Here is how you can achieve it, you can use variables inside a string if the string is defined with back-tics by wrapping them inside a ${VARABLE_NAME}
con.query(`Select * from accounts_master where name="${name}"`)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.